Fwd: Some legal trouble with TOR in France
coderman
coderman at gmail.com
Tue May 16 14:09:04 PDT 2006
On 5/15/06, Justin <justin-cypherpunks at soze.net> wrote:
> On 2006-05-15T08:12:17-0700, coderman wrote:
> > ah, reputation and trust. my favorite crux
>
> Uh-huh, or maybe le France is a haven for anonymous communications, and
> this FUD is a joint project of other western governments... governments
> that DO control all tor and remailer services within their borders.
i suppose my point was that trusting tor as it stands is a leap of
faith. there is little visibility as far as node selection criteria
for addition to the directory, the information and physical security
aspects of the servers within the directory, and the reputation of the
node operators with respect to "rubber hose / threatened
incarceration" attacks and the associated trust level to assign in
such a context.
much better than nothing, but i still consider tor useful mainly for
keeping your source IP out of webserver logs. any other government /
malicious entity can compromise accordingly. (i know this isn't the
situation overall, but i assume as much so i won't be surprised by a
worst case)
i used to run a peertech node on a dedicated server. this host was
compromised by tech staff at the facility with physical access and
ever since i've refused to operate a node until i could be sure
physical security was assured.
i tend to consider any service that relies on host integrity also
reliant on a number of other prerequisites like:
- physical security to prevent unauthorized access
- hard disk encryption to prevent unauthenticated disclosure (esp.
seizure of hardware)
- infosec best practices to keep attack surface minimal (firewalls,
chroot, VM's, POLA, etc)
for the situation mentioned in parent thread, i'd like to know that if
the TLA comes knockin' my key scrubbing loop-aes turns all disks into
large entropy stores the moment power is killed upon any attempted
seizure.
most services currently assume the disk is private. if you want a
private disk, you need full disk encryption (key scrubbing in RAM++)
tied to strong authentication.
More information about the cypherpunks-legacy
mailing list